RHEL 8
OS 2.14.0
I am trying to force OpenSearch to use AES256 encryption in Kerberos authentication.
It seems like it never accepts a keytab with entries encrypted with aes256-cts-hmac-sha-96
ktutil: add_entry -password -p HTTP/myserver@mydomain.com -k 0 -e aes256-cts-hmac-sha-96
It throws “Cannot find key of appropriate type to decrypt AP-REC - RC4 with HMAC”
Also I get the same thing when I set allow_weak_crypto=false in krb5.conf
Note that I am already setting in krb5.conf:
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha-96
I appreciate your help.